Mosaci FSI Information Security Management System

This information security management system (ISMS), having been approved by top-level management, outlines the overall security management framework for Mosaic FSI

This policy applies to all systems, people and processes that constitute the organisation’s information system, including board members, directors, employees, suppliers and other third parties who have access to Mosaic FSI systems.

This ISMS methodology is based on the ISO 27001 standard, the methodology and checklist can be found between pages 10 – 12.

The ISMS document is a signposting document and is linked with the following Mosaic FSI documents.

  • Information Security Policy
  • ISO 27001 Statement of Applicability
  • ISO 27001 Risk Assessment Methodology including appendix 1 – Risk Assessment Table spreadsheet and appendix 2 – Risk Treatment Table spreadsheet
  • IT and Social Media Policy including social media threats awareness.
  • Cyber Security and Phishing Awareness
  • Data Protection Policy including data privacy awareness.
  • Data Breach Notification Plan
  • Business Continuity Plan
  • Incident Management Procedures
  • Internal audit checklist
  • Internal audit report

Human Resource Privacy Documents

  • Confidentiality agreement
  • Consent form for new employees uses of data.
  • Consent form for unsuccessful job applicants
  • Consent form for the use of data for existing employees
  • Consent form for employees who is leaving.
  • AML onboarding policy
  • Anti-Bribery policy


  • Supplier Assessment

Record Keeping

  • Records Retention and Protection Policy
  • Mosaic FSI Security Log
  • Document Control Procedure

Download the complete Information Security Management System